I would like to leave any HTML in there, but just make sure that ending tags exist, so it doesn't screw up the rest of the page. Strip tags would just wipe out the HTML rather than allowing it and ending it safely. "Richard Lynch" <ceo@xxxxxxxxx> wrote in message news:1935.66.99.91.45.1102615931.squirrel@xxxxxxxxxxxxxxxx > Matt Palermo wrote: >> I am allowing users to imput HTML code into a textarea. After they input >> this, I wany to output their HTML to the browser. In order for the >> document >> to be safe, I need to close all open HTML tags that have been left open >> by >> the user, along with any open comments. Is there a way to take an HTML >> string and add closing tags and comments to it if needed? > > After you use http://php.net/tidy to fix the HTML, use > http://php.net/strip_tags to rip out all but the handful of tags you > really want to allow them to use, most especially any JavaScript they > might shove in to attack your (and my!) server. > > I *think* strip_tags rips out JavaScript. RTFM to be sure. > > -- > Like Music? > http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
